<?php

class BackendController extends CController {

    public static $permission;
    protected $user;
    protected $current_location;

    public function init() {
        parent::init();
        $this->user = Yii::app()->session['user'];
        if (empty($this->user)) {
            $this->redirect(array('index/index'));
        }
        $this->layout = 'layout2';
    }

    /**
     * @return array action filters
     */
    public function filters() {
        return array(
            'accessControl', // perform access control for CRUD operations
        );
    }

    /**
     * Specifies the access control rules.
     * This method is used by the 'accessControl' filter.
     * @return array access control rules
     */
    public function accessRules() {
        if ($this->user['id'] == 1) {
            return array();
        }        
        if (!empty($this->user['role'])) {
            Yii::app()->user->loginUrl[0] = '/index/accessdefine';
            $permission = Permission::model()->findAll('role_id IN (' . $this->user['role'] . ')');
            $listPermission = array();
            if (!empty($permission)) {
                foreach ($permission as $item) {
                    $listPermission[$item->controller][] = unserialize($item->actions);
                }
            }
            $tmpPer = array();
            foreach ($listPermission as $key => $item) {
                $tmp = array();
                foreach ($item as $sub) {
                    $tmp = array_merge($tmp, $sub);
                }                
                $tmpPer[$key] = array_unique($tmp);
            }
            $listPermission = $tmpPer;

            self::$permission = $listPermission;
            $controller = Yii::app()->controller->id;
            if (isset($listPermission[$controller])) {
                $listAction = $listPermission[$controller];
                return array(
                    array('allow', // allow all users to access 'index' and 'view' actions.
                        'actions' => $listAction,
                        'users' => array(Yii::app()->user->guestName),
                    ),
                    array('allow', // allow authenticated users to access all actions
                        'users' => array('@'),
                    ),
                    array('deny', // deny all users
                        'users' => array('*'),
                    ),
                );
            } else {
                $this->redirect(array('index/accessdefine'), true);
            }
        } else {
            $this->redirect(array('index/accessdefine'), true);
        }
    }

    protected function checkRole($controller, $action, $return = false) {
        if ($this->user['id'] == 1) {
            return true;
        }
        $listPermission = self::$permission;
        if (!isset($listPermission[$controller])) {
            if ($return == false) {
                $this->redirect(array('index/accessdefine'));
            } else {
                return false;
            }
        } elseif (!in_array($action, $listPermission[$controller])) {
            if ($return == false) {
                $this->redirect(array('index/accessdefine'));
            } else {
                return false;
            }
        }
        return true;
    }

}